Page 3

Technology: Open Source

Is open source a software product or a philosophy? CIOs don't really care, as long as it soothes their headaches rather than creating new ones.

CIOs have always fanatically sought to simplify their IT architecturesand no more so than in recent years, as companies struggled to align their IT programs with business strategy while putting a premium on stripping away unnecessary costs, complexity and risk. So why in the world would CIOs give a second glance to a new software infrastructure such as Linux, developed by a loose federation of thousands of individual programmers operating outside the womb of a highly structured technology provider?

CIOs and others believe it's simple: Linux has proved its mettle in relatively commoditized but increasingly important uses, such as Web infrastructure and file/print/network services. Now it's moving toward prime-time status for mission-critical applications. For more and more CIOs, the question of whether to deploy Linux has been resolved, thanks to widespread agreement on its reliability, cost efficiency and solid support from a growing list of top vendors. Instead, CIOs are now turning their attention to the nitty-gritty question of how and where the software fits into their IT programs. "Particularly for early adopters who are comfortable with new technologies in general, it has definitely become a strategic asset," says Scott Lundstrom, who heads the technology research practice at AMR Research in Boston.

One company that has moved to an open-source model for its infrastructure requirements is Mobil Travel Guide in Park Ridge, Ill., a division of Exxon Mobil Corp. that publishes guides and other information for travelers. "We weren't necessarily looking for Linux, but when our business partner recommended it and explained the rationale, we realized it was a very good choice for us, because it would keep up with us as our needs increased," says CIO and senior vice president Paul Mercurio. "The technology is so much more mature today than when we made the decision 18 months ago, with companies like IBM Corp., Hewlett-Packard Co. and Sun Microsystems Inc. endorsing it and actively supporting it."

Of course, few if any companies see technology products as strategies unto themselves, and Linux is no exception. "Linux is an operating system, not a business strategy," says Scot Klimke, CIO of Network Appliance Inc., a Sunnyvale, Calif.-based supplier of network storage systems. "Linux does have some clear benefits, such as helping us meet the business objective of reducing overall IT expense, but Linux is only one vehicle for doing that."

Certainly, Linux has its limitations: Most agree that its performance still doesn't scale particularly well, especially compared to Unix, its chief competitor for large-scale infrastructure needs. And, of course, there's the reality of Linux's relative dearth of enterprise business applications, compared with Windows.

But those concerns are diminishing. At Rochester, N.Y.-based Harris Interactive Inc., a market research and consulting services firm, CIO Peter Milla says that while Linux isn't yet occupying a strategic place in his IT plan, its benefit is clear: significant cost savings over the Unix-based architecture he was using for data-tabulation applications. "It was a real no-brainer for us," he says. "It's a $20,000 investment in a tier-one [Compaq] box, which allowed us to increase our throughput and avoid a $100,000 investment in an H-P Unix box. Like most companies, we have a lot of Intel-based expertise on staff, and this lets us leverage that."

Ask Potential Vendors:

Which of your customers have gained measurable business benefit from Linux?

Ask Your Business Executives:

What, if any, expectations do you have about how Linux could help in aligning IT with business strategy?

Ask Your IT Staff:

Can our infrastructure benefit from deploying Linux now?

Page 2

TechnologyWhen it comes to security and scalability, technology really does matter.

Open-source products, such as Linux, MySQL, the Apache Web server and the Perl programming language, have long spawned passionate debates about their various technological pros and cons compared with their counterparts in Windows, Unix and proprietary software environments. But for CIOs, the inevitable weighing of technology advantages today centers primarily on two issues: security and scalability.

Unquestionably, commercial Linux software has yet to suffer the same crippling impact of worms, viruses and denial-of-service attacks endured by the Windows camp; there have yet to be high-profile equivalents of viruses like Blaster and SoBig in the Linux world. But is that because Linux is, by virtue of its code or the open-source development process, inherently more secure than other operating systems? Or is it simply because Linux's smaller market share makes it a less inviting target for attacks?

AMR's Lundstrom (who also doubles as his firm's chief technology officer) believes that Linux's security edge is based in its technology. "Yes, it's true that Linux is not a status symbol for hackers, but the truth is that the software is designed differently," he points out. "It's modular by design, and knowledgeable people can segment it to support only the features they need, such as instant messaging."

But while the source of Linux's supposed security advantage over other operating systems continues to be a subject of debate, there's been little doubt about the historic scalability limitations of Linux. Most agree that Linux's strength has been in low-end Intel-based server environments, often topping out at 4- or 8-processor server configurations used for Web servers and simple file/print servers. That has limited the software's appeal to tactical situations, rather than the mission-critical data-center requirements needed to support up to 64-processor servers used for number-crunching applications such as energy exploration or sophisticated financial modeling.

However, the tide is turning there, too. The new version of the Linux kernel, called 2.6, promises support for 16-way servers, and high-end server maker Silicon Graphics Inc. earlier this year unveiled 64-way Linux support on its new servers.

"Scale used to be an issue of concern, but that's no longer the case," says Bill Claybrook, an analyst at the Aberdeen Group in Boston. "SGI has 64-way Itanium running Linux, and IBM and H-P both are running not only 8-way versions, but often 16-way. How many applications out there really need to go beyond 16-way today?"

Rob Meyer, director of Internet services at Anaconda Sports Inc., a Lake Katrine, N.Y.-based wholesaler and retailer of sporting goods, says he went with a Linux system recommended by his local reseller because he was confident it would grow with his needs. "We were looking for a better, more robust back-end system for database integration than the Windows system we had," he says. "Linux allowed us to scale our back-end system to 4 terabytes, compared with the previous 2-gigabyte Windows system we had."

Another technology issue to consider: How diverse is your architecture? CIOs and analysts agree that IT organizations used to heterogeneous environments will have a much easier time with Linux than those based primarily on a single platform. That's because CIOs in multiplatform environments already have wrestled with key issues such as connectivity, application integration and multivendor security. "If you're principally or overwhelmingly a Windows shop, it will be a more difficult transition for you," Lundstrom says. "If you're already a diverse organization, with things like Unix, Lotus Notes and terminal emulation, you can make the transition to Linux a lot easier."

Ask Your Staff:

Have you tested Linux's performance on our larger servers to see if it scales adequately?

Ask Your Software Vendors:

How many security patches have you issued for Linux versions of your software in the past six months?

Tell Your Executives:

Linux is solid technology, but that doesn't make it absolutely impenetrable to security attacks.

Page 3

SupportWhen all else is stripped away, a CIO's decision often centers on confidence. And that confidence is derived largely from a feeling that high-quality technical support will be there from top-shelf providers.

For years, many CIOs have held back from embracing Linux because they were concerned about who would provide the necessary support for the software. After all, IBM was the only major hardware vendor enthusiastically embracing Linux with a substantial support mechanism, while most major independent software vendors had moved only haltingly into the Linux camp. And resellers and systems integrators hadn't yet built up a critical mass of support tools and methodologies for business applications.

Today, however, most agree that's changed. All major hardware vendors are offering industrial-strength support for enterprise customers, and an increasing number of leading software publishers have done the same.

Network Appliance's Klimke, although hesitant about Linux's fit for his organization today, believes the support issue is moving in the right direction. "CIOs prefer a standard-supported, engineered commercial product that has a future and will be accountable," he says. "I am comfortable that Linux itself is close to that by virtue of its embrace by major systems vendors."

Corporate customers also point out that value-added resellers and systems integrators have developed real-life success stories in not only implementing, but actually supporting Linux for important business applications. "Since we'd never had Linux inside our organization before, we wanted to be fully sure that our partner [IBM] would be able to provide the hands-on support we'd need," says Meyer of Anaconda Sports. "We wanted to know that they'd actually worked with other companies with environments similar to ours, so that they knew how to support us on an ongoing basis."

Jay Bahel, CIO of Brunswick New Technologies, a division of Lake Forest, Ill.-based Brunswick Corp., a manufacturer of marine navigation systems and engine control systems, stressed the importance of knowing the support capabilities of open-source software suppliers. "You absolutely must make sure you're not getting something from hackers in China, but from guys with a real P&L model and the financial resources to support you," he says. "We use it to run mission-critical applications, and we would not do it unless we could get high-quality support. You must be able to bet the bank on the support."

Ask Your Software Vendors:

What kind of vendor-specific and vendor-neutral certifications have your support personnel received for Linux?

Ask Your Hardware Vendors:

Will you be available any time of the day or night if my Linux environment falters?

Ask Your Staff:

Does our present network-monitoring software work with the Linux apps we want to deploy?

Page 4

Community

Is the Linux developer community dominated by wild-eyed dreamers, zealots and technology socialists? Or is it a highly democratized force of expert coders?

Plenty of IT organizations have pondered whether the supposed benefit of the open-source developer community was all it was cracked up to be. Was the advantage of leveraging the collective contributions of passionate programmers, benevolently overseen by the now-iconic Linus Torvalds, worth the anxiety of working with a largely unstructured group of developers?

"When I think of the Linux developer community, the pro is their enthusiasm and support for each other," says Mary Scavarda, CIO of Argonaut Insurance Co. in Menlo Park, Calif., which is evaluating migrating from Unix to Linux. "The flip side is that it seems unstructuredless than professional."

That image of the open-source community as a ragtag group of freelancing programmers with wildly divergent motivations is beginning to melt away, however. And with that change comes more confidence in the quality of both open-source code itself and the support provided by key hardware and software vendors. "The makeup of the community used to be a concern for an enterprise buyer, especially for the CEO even more than the CIO," according to Aberdeen's Claybrook. "But if you look at who's part of the open-source developer community today, it's increasingly made up of people who work at large commercial organizations like Red Hat Inc. and IBM. It's no longer this loosey-goosey group of rogue developers; they're elite programmers who really want to do this, rather than being assigned to it."

That means that when a new feature, such as messaging or network monitoring, is approved and added to the kernel, corporate IT developers can make use of and even enhance those added features. Of course, the downside of this "community of coders" is that when new code is returned to the community, it hasn't been tested for howor ifit will run with another company's core applications. That means CIOs need to make sure their development teams are doing compatibility and security testing of the new code.

It's also important to remember that, while Linux may be free of licensing costs, there still are important legal requirements to consider. The "rules of the road" for working with the Linux community's code are set down in the General Public License, which companies have to sign if they want to use the Linux source code for development. The GPL does not restrict selling or redistributing Linux-based software; however, it does require that source-code modifications be returned to the open-source community as full source code. CIOs should advise their development teams to be careful not to inadvertently return proprietary applications code to the communityonly modifications to the source code.

When push comes to shove, the central issue concerning the open-source development community has less to do with how the community operates than it does with letting the CIO sleep easier at night. Marten Mickos, CEO of MySQL AB, the Swedish developer of the popular MySQL open-source database, admits there's a lot of "romance" surrounding the supposedly non-commercial motivation of the open-source developer world. "But the CIO doesn't give a damn about all that altruistic stuff," says Mickos. "He wants to know it will work, that it will save him money and that it will be supported for at least 10 to 20 years."

Ask Your CTO:

Have you tested new applications based on open-source code to make sure they work in our legacy environments?

Ask Your Programmers:

What, if any, experiences have you had in contributing to the development of open source?

Ask Your Legal Counsel:

What intellectual property issues should we be evaluating before signing the General Public License?

Strategic Profile Sabre Holdings

Corp.">
Strategic Profile Sabre Holdings Corp.

Sabre Holdings Corp., based in Southlake, Texas, is a $2.1 billion holding company with four technology-based travel business units: the Travelocity online travel site; the Sabre Travel Network, which operates the Sabre reservations system for travel agents, suppliers and travelers; GetThere, a Web-based corporate travel service; and Sabre Airline Solutions, which provides software and consulting services to airlines.

Top IT Exec Craig Murphy, senior vice president and chief technology officer

Problem Sabre, like the entire travel industry, is always looking for ways to reduce operating costs while improving customer service. The company has been using Unix for much of its infrastructure, but wanted to find a way to reduce infrastructure costs, particularly as traffic on its travelocity.com travel site has increased.

Strategic Fit Linux isn't necessarily a strategic product, but rather "a better hammer for reducing infrastructure costs and creating a more flexible architecture. But it's a better hammer that fits nicely into our overall IT strategy. We've got to get faster, better, cheaper solutions into our infrastructure, and Linux lets us get there," he notes.

Open-Source Experience Sabre's long-term experience with the popular Apache Web server software for Travelocity has made the company very comfortable with the notion of working with the open-source development community. Now, it has moved more aggressively by adopting the MySQL open-source database, along with Linux-based server clusters for shopping applications.

Lessons "From a cost perspective and a capabilities perspective, you've got to consider Linux," says Murphy. "Your cost at the scaling point, after the initial implementation, is essentially zero, and you're getting a robust environment that delivers the intangible benefit that your technicians love to work on Linux."

The Caveat? "There's the potential for anarchy inside your company, for multiple, incompatible flavors of Linux in different departments, since it's so easy and cost-effective for any department in your company to go to the Internet and get the code." To combat that, companies need to identify, and stick to, a well-documented, defined architecture, says Murphy.

Mike Perkowski has followed the IT industry as a reporter, editor, publisher and marketing consultant for the past 25 years.